Last Call Review of draft-ietf-opsec-lla-only-07
review-ietf-opsec-lla-only-07-secdir-lc-inacio-2014-04-03-00
| Request | Review of | draft-ietf-opsec-lla-only |
|---|---|---|
| Requested revision | No specific revision (document currently at 11) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2014-04-07 | |
| Requested | 2014-03-27 | |
| Authors | Michael H. Behringer , Éric Vyncke | |
| Draft last updated | 2014-04-03 | |
| Completed reviews |
Genart Last Call review of -07
by
Peter E. Yee
(diff)
Genart Telechat review of -10 by Peter E. Yee (diff) Secdir Last Call review of -07 by Christopher Inacio (diff) Opsdir Last Call review of -07 by Suzanne Woolf (diff) |
|
| Assignment | Reviewer | Christopher Inacio |
| State | Completed | |
| Review |
review-ietf-opsec-lla-only-07-secdir-lc-inacio-2014-04-03
|
|
| Reviewed revision | 07 (document currently at 11) | |
| Result | Has Nits | |
| Completed | 2014-04-03 |
review-ietf-opsec-lla-only-07-secdir-lc-inacio-2014-04-03-00
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG. These comments were written primarily for the benefit of the
security area directors. Document editors and WG chairs should treat
these comments just like any other last call comments.
Overall impression is that this is a well written draft, and I didn’t
particularly notice any editorial comments, although I wasn’t focused on that.
The entire draft is dedicated to an informational router configuration that
encourages using link local addressing on the non-public facing router
interfaces. The draft, as a whole does a good job describing and referencing
previous work on configuration and mitigation strategies to encourage a more
secure configuration.
My only feedback is that the Security Considerations section might also include
a sentence referencing all of the other RFC’s and guidance previously mentioned
in the document:
For additional security considerations, as previously stated, see also:
[RFC5837], [I-D.ietf-opsec-bgp-security].
and possible a statement saying that all other previous recommendations for
control plane security, etc.
I do understand if this recommendation is not acted upon, it is difficult to
summarize an entire document which is about configuration for security into a
single concise paragraph at the end of the document.
regards,
--
Chris Inacio
inacio at cert.org